2 matches found
CVE-2014-7390
The Enchanted Fashion Crush aka com.tabtale.springcrushbundleint application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7390
CVE-2014-7390 concerns the Android app “The Enchanted Fashion Crush” (package com.tabtale.springcrushbundleint) version 1.0.0, where SSL TLS server certificate verification is not performed. This enables a man-in-the-middle attacker to spoof the server and obtain sensitive data via a crafted cert...